Last month, we shared tactical insights and recommendations on how to shift your existing environments to deploy Windows 10 feature updates to remote endpoints using Windows Update for Business in order to roll out updates more consistently and with greater automation.
Today, we want to complement this approach with the introduction of a Windows servicing calendar and by providing you with guidance, whether you use on-premises or cloud-based tooling, on the changes you might want to consider for your environments and when those changes should be rolled out.
The calendar helps you shift your Windows 10 servicing cadence from a project-based effort to a more fluid process that aligns across the release cycles of Windows, Office, and endpoint management tools, such as Configuration Manager. Additionally, it provides recommendations on how to modernize your environment to move to a data-driven servicing model and showcase new capabilities to users. If you are using Windows Update for Business today, our guidance is to maintain that approach and review this article for insights on how to schedule configuration changes and improve the user experience during deployment.
Let's get started.
To many organizations, applying Windows 10 feature updates requires more than just deploying the feature update to endpoints–common tasks include updating the supporting infrastructure and configurations, validating applications before broad deployment, and assessing new features. For this reason, the calendar template incorporates information on when to update the dependencies most common across commercial organizations to support Windows feature updates, including Microsoft 365 Apps, Microsoft Endpoint Configuration Manager, and Microsoft Security Baselines.
Microsoft’s strategic guidance around Windows as a service has remained constant: plan, prepare, and deploy. This article maintains that approach and adds guidance and timing considerations to each of the plan, prepare, and deploy phases. Four additional consistent focus areas can be identified across each of the plan, prepare and deploy phases, which are:
To get the most value from this article, you should familiarize yourself with the editions of Windows 10 in your environment and read through the entire process. Then, using the recommendations and supporting material in each phase, align to one (or more) calendar cadences aligned to your business need, or integrate the recommendations into your existing servicing process.
Windows delivers innovation with improvements to servicing, security, performance and productivity with every release. While we encourage organizations to strive towards deploying every release to at least some portion of their estate, we also recognize that organizations with very high device counts, and the need for no/low disruption environments will choose to update less frequently.
The modern calendar approach can be used for servicing across Microsoft products and services in a way that is flexible for your business needs and accommodates a faster or slower cadence of innovation adoption. Currently, organizations of all sizes use different cadences for feature updates. Typically, organizations default to adopting a feature update annually that is serviced for 30 months. As organizations modernize their environment and update processes, they become more comfortable with accelerating to adopt feature updates as they become available, to an increasing portion of their estate. For further information on how all feature updates are serviced, please see the Windows lifecycle fact sheet.
Performing Windows 10 feature updates less often than once annually has the potential for devices to go out of service and be vulnerable to security threats, as they will stop receiving monthly security updates. Organizations that are typically blocked from updating annually experience slow, fragmented application testing across their business, must wait for a critical ISV to release a support statement, encounter unwillingness from regional IT to "disrupt" users, or have limited endpoint connectivity to perform an update. Organizations that experience these blockers should use this guide to find opportunities to optimize their processes, and use the Enterprise / Education editions of Windows 10 for its extended servicing benefits. Organizations are also encouraged to modify timings as needed across each phase to address resource availability, one-time deployments of infrastructure that support the servicing motion, or deployment duration for larger organizations that have over 50,000 Windows endpoints.
This article presents two calendar options for consideration to help commercial organizations align with Windows. Depending on the volume of endpoints you are updating, deployment timelines will vary and should be stretched based on your business need and the amount of servicing provided by the edition of Windows 10 used in your organization. We recommend reviewing each option and then consider what a default servicing cadence will be for your organization and then what portions of the business can or would benefit from a quicker cadence, based on worker persona type, business function or location.
The calendar below shows an example schedule to apply one Windows 10 feature update to a commercial environment, aligned to Microsoft Endpoint Configuration Manager and Microsoft 365 Apps release cycles:
Figure 1. Annual cadence
The calendar above uses a rolling 12-month update cadence to update all devices, meaning that all devices will receive one feature update annually. For some organizations, deployment may take longer than the three-month window provided, and will result in an enterprise having two versions of Windows 10 in the estate. By aligning to the Windows 10, version H2 feature update, Enterprise and Education editions of Windows 10 will be serviced for 30 months from the time of availability, giving commercial organizations with these editions more flexibility when applying future feature updates.
Enterprises who selectively deploy Windows feature updates on this cadence have the following characteristics in common:
Once enterprises are familiar with deploying feature updates on an annual cadence, shifting to a rapid cadence is often possible with minor increases in effort, as plan and prepare motions are well established. When coupled with lower update deployment times through improvements in how updates are applied, a rapid cadence is within reach for enterprises of any size. The diagram below shows the update cycle that can be applied to service Windows on a rapid cadence, and the service duration that each feature update provides when implemented.
Figure 2. Rapid cadence
Enterprises that benefit from the rapid servicing process have the following characteristics:
Organizations can expect to update infrastructure dependencies on the following schedule for each cadence:
Figure 3. Infrastructure and configuration dependencies
For organizations that plan to apply one or both Windows feature updates each calendar year, investments should be made across compatibility, deployment, capability, and modernization. For organizations looking to reduce the amount of effort needed to apply updates by only maintaining supportability, the majority of effort should be focused on compatibility and deployment activities when feature updates are deployed. This approach is explained in detail in the each of the plan, prepare, and deploy phases below:
Duration - Up to 4 weeks
A robust planning stage enables commercial organizations to:
Recommendations on how to achieve the above outcomes are included below. The duration of the plan phase will vary dependent on how many of the processes or tooling recommendations are already adopted.
Commercial organizations must feel confident that a Windows 10 feature update will not cause interruption to their critical line of business applications. Microsoft is committed to ensuring your apps work on the latest versions of our software, and with Microsoft App Assure, commercial organizations can receive no-cost app compatibility assistance when deploying Windows 10 and Microsoft 365 Apps with an eligible subscription. The following recommendations build on this confidence for application and device compatibility and help commercial organizations plan for the next Windows 10 feature update.
In order to deploy at scale, IT Admins need to ensure their deployment engine is ready. This includes making sure the infrastructure and security applications are up to date with supported versions. Any new training for support teams should also be planned at this stage. The recommendations below help commercial organizations to be successful during deployment planning:
The deployment of a Windows 10 feature update alongside updates to infrastructure, and configuration and productivity applications unlock new features and working scenarios for users and IT. Teams should be aware of new features or functionality that help streamline the deployment and make the end user experience better. The constant innovation in the servicing stack of the OS, or with Configuration Manager and Intune may provide added benefits to the deployment that weren't previously available. Capability planning should be focused on improving user experience, maintaining productivity, and minimizing user interruption during the update process. The following recommendations help to provide structure to these outcomes:
Windows servicing can be improved through efficiencies in process and adoption of Microsoft cloud tooling. Planning for modernization of the Windows servicing process will be dependent on a commercial customer’s ability to optimize internal deployment and testing processes, and consume cloud services that improve the Windows servicing experience. Often, commercial organizations see the benefit of tooling to improve the process but may not be able to immediately take advantage it due to technical debt or industry regulation. The following recommendations can assist commercial organizations understand where to invest effort to improve the process:
Duration - Up to 8 weeks
Commercial organizations that succeed at applying feature updates at a rapid cadence have a preparation process that enables them to:
Recommendations on how to achieve the above outcomes are included below.
With an application portfolio in place, and application importance/ownership assigned, critical and important applications can be tested. The focus of this section is how to test, what platform to test on, and how to expand testing to a pilot deployment group. Organizations that adopt a rapid approach test fewer applications than more cautious organizations, as they generally have confidence in their application and device compatibility.
Not all tooling and configuration that requires an update will be available before the Windows 10 feature update is released. Organizations that move at a rapid cadence update tooling and configuration when available, and document / triage issues that arise after a result of the update. They have shifted their approach from waiting until all tooling and configuration is available, to one where testing is part of daily use, and the production environment is constantly evolving as new updates are applied.
Capability initiatives defined in the planning phase are implemented or configured in the prepare phase. The following recommendations can empower users to receive additional value out of Windows 10 and Microsoft 365 Apps:
Modernization initiatives of the prepare phase can involve the following activities:
Duration - Up to 12 weeks
The method used to deploy a Windows 10 feature update depends on the tooling used. Deploying a Windows 10 feature update through Windows Update for Business has a unique shift from traditional methods. Specifically, rather than have “push” controls where IT sends down the update to the next ring using Configuration Manager, Windows Update for Business provides “pull” controls to stop the update that would automatically go to the next ring. This is a mental shift for many IT Admins, as they have little to do if everything is going right. More attention needs to be spent to determine if the update needs to be stopped or slowed in the event that end users have a poor or broken experience. Desktop Analytics provides real time data to help make decisions and increase IT confidence.
Commercial organizations that succeed at deploying feature updates with no loss in business productivity and minimal user disruption perform the following actions:
These recommendations are expanded and split into pilot and broad deployment stages below:
Duration: 1-4 weeks
The pilot deployment begins when the prepare phase is complete with configuration and infrastructure updated. The first-time work to prepare and the results of the pilot provide long-term value for each future deployment by minimizing time to deploy of feature updates. Consider the following recommendations for pilot deployment:
Duration: Up to 8 weeks
Once the pilot configuration is worked out to ensure a consistent predictable end user experience, and deployment rings created, broad deployment is ready to go. Configuration Manager provides granular controls to deploy Windows, and Windows Update for Business settings will continue to update devices unless the IT Admin purposefully stops deployment. The first time broad deployment is conducted, IT should monitor update velocity and consider increasing that speed for the next feature update.
Accelerate the deployment of Windows 10 by considering the following recommendations:
Outcome - Flexible and agile with deployment strategies per feature update release
Outcome - Monitor support cases and use data driven insights to troubleshoot or delay adoption if issues arise
Outcome - Minimize bandwidth usage to reduce corporate network traffic
This article has provided guidance and recommendations on how those organizations using on-premises tooling can fit Windows feature updates into regular work. By aligning to a plan, prepare, and deploy motion through the use of a calendar based approach, enterprises are able to maintain a serviced version of Windows 10 on a faster cadence, which helps to harden the operating system against malicious intent, simplify OS administration for IT, improve OS performance, add new capabilities, and unlock new working scenarios. As you repeat, refine, and modernize the process, the example timings stated in the article will reduce and the move towards a data driven servicing model will become easier. Examples of a successful transition can be found within our own Core Services Engineering and Operations (CSEO) team. Let us know if you find this article helpful, and what approaches work well with your company to stay current with Windows 10.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.